IDMan.exe

Internet Download Manager (IDM)

Tonec Inc.

The application IDMan.exe has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power.
Publisher:
Tonec Inc.

Product:
Internet Download Manager (IDM)

Version:
6, 21, 8, 3

MD5:
904ba663ec7d770d6cd58cec37fdcb76

SHA-1:
17889d60644f76d2b2b173ac1ef124ad7cdd5a35

SHA-256:
2a515eaa393619f55a138131b84928e86578b2613e64552d6beb7eba7678822c

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
12/29/2024 3:26:10 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Rootkit.15355
836

AegisLab AV Signature
Troj.Generic
2.1.4+

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.HDC
2014.10.20

Avira AntiVirus
APPL/BitCoinMiner.wynb
7.11.179.184

avast!
Win64:Rootkit-gen [Rtk]
2014.9-141022

AVG
BitCoinMiner.D
2015.0.3314

Baidu Antivirus
Hacktool.Win64.BitCoinMiner
4.0.3.141022

Bitdefender
Rootkit.15355
1.0.20.1475

Dr.Web
Tool.BtcMine.420
9.0.1.0295

Emsisoft Anti-Malware
Rootkit.15355
8.14.10.22.06

ESET NOD32
Win64/BitCoinMiner (variant)
8.10589

Fortinet FortiGate
Riskware/BitCoinMiner
10/22/2014

F-Secure
Rootkit.15355
11.2014-22-10_4

G Data
Rootkit.15355
14.10.24

IKARUS anti.virus
not-a-virus:RiskTool.BitCoinMiner
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.184.13727

Kaspersky
not-a-virus:RiskTool.Win64.BitCoinMiner
14.0.0.3064

McAfee
RDN/Generic PUP.x!c2i
5600.6970

MicroWorld eScan
Rootkit.15355
15.0.0.885

NANO AntiVirus
Riskware.Win64.BtcMine.deywin
0.28.2.62671

Qihoo 360 Security
Win32/Virus.RiskTool.f33
1.0.0.1015

Quick Heal
RiskTool.Win64.ra (Not a Virus)
10.14.14.00

Sophos
Internet Download Manager - Miner
4.98

Trend Micro House Call
TROJ_GEN.R047C0EJ514
7.2.295

Trend Micro
TROJ_GEN.R047C0EJ514
10.465.22

File size:
519 KB (531,456 bytes)

Product version:
6, 21, 8, 3

Copyright:
Tonec Inc., Copyright © 1999 - 2014

Trademarks:
Internet Download Manager

Original file name:
IDMan.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\adobe\flash player\wincache\idman.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.24

CTPH (ssdeep):
12288:MVOEGAlH4s/FFRf725x8zHWt2/BSvHLWq1blj/UY0nTRCgu0j:MVfHX/FFRzJjc2/4vrWq1RAYyTI

Entry address:
0x1500

Entry point:
48, 83, EC, 28, 48, 8B, 05, 15, 3A, 07, 00, C7, 00, 00, 00, 00, 00, E8, 6A, 95, 05, 00, E8, 95, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 48, 83, EC, 38, 4C, 89, 4C, 24, 58, 4C, 8D, 4C, 24, 58, 4C, 89, 4C, 24, 28, E8, D8, 9E, 05, 00, 48, 83, C4, 38, C3, 0F, 1F, 00, 56, 53, 48, 83, EC, 28, 48, 85, C9, 74, 75, 83, 39, 01, 48, 89, CB, 74, 3D, 66, 66, 66, 66, 2E, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 89, D9, 48, C7, 03, 00, 00, 00, 00, 48, C7, 43, 08, 00, 00...
 
[+]

Code size:
388 KB (397,312 bytes)

Remove IDMan.exe - Powered by Reason Core Security